Why is this important?
Surface Laptop Se's operating system (Cloud OS) has restrictions in place to make sure students can't access applications that aren't pre-approved. However, many testing applications and proxy filters still aren't supported. Managed installer gives admins a way to control what's installed on surface SE devices. 
Software Description 
Managed installer is a set of PowerShell scripts deployed to Surface Laptop SE devices that allows IT administrators to push out applications that aren't on the pre-approved education application list. This can be deployed via proactive remediations, Win32 Application Deployment, or a configuration service profile. 
windows 10 & 11 Compatible
Not at this time
surface laptop se compatible
Yes
Surface Laptop se

Deployment options
Proactive Remediation
Win32 App Installation
Powershell script
Deployment Considerations
Each method above has pro's and cons please review the list below
Proactive Remediation
Proactive Remediations are easier to deploy and can be pushed quickly. Since it detects for the issue and remediates it is also provides a report. Proactive remediations however don't run during autopilot setup. 
Proactive Remediation
Status: Deprecating
Win32 App Installation
win32 Application installation are harder to deploy and will take time to push out to an environment and report back. since this method is repackaged, the application can be required during autopilot setup. This makes it ideal for mass deployment
Win32 App Installation
Status: Still Testing
Powershell script
Powershell import and deployment is the easiest yet lacks the most reporting. intune scripts also wont run during the autopilot setup process. This is the best method for testing purposes. 
Powershell Script
STATUS: still testing
Managed installer 
Repackaging Status: Repackaging may be required
If your chosen deployment method from above is win32 app installation repackaging is required
Proactive remediation Deployment
Proactive remediation is a feature of Microsoft Endpoint Manager that uses script packages to detect and fix common support issues on devices before users notice them. The script packages consist of two scripts: one for detection and one for remediation. The scripts can run on a schedule or on demand.
the proactive remediation deployment option is meant to run after autopilot deployment has occurred if require applications need to be installed during autopilot the win32 or PowerShell script methods will need to be used and tested. 

surface laptop se proactive remediations download
I have pulled together the appropriate detection and remediation scripts in the following GitHub repository. This is owned by myself and comes with no legal liability. You will need to test this in your environment before fully pushing it out to your environment. 
Detection script download
Remediation script download
Proactive remediations deployment steps

Step 1
Login to microsoft endpointmanager
Step 2
navigate to the reporting node
Step 3
Navigate to the endpoint analytics node
Step 4
Navigate to the proactive remediations node
Step 5
Create a script package
Step 6
Name remediation & Fill in details
Step 7
import both the detection & Remediation scripts
Step 8
SET any scope tags as needed
Step 9
Set Assignment (Hourly at first) (Weekly after fully implemented)
Step 10
Review Details & Create
Please view the photos below
the photos below will outline the importation & deployment process
Surface laptop se proactive remediations deployment video
please see the video below on the procedure for importation and deployment via Intune
Managed Installer win32 repackaging
the following guide below will outline how to repackage and deploy the surface laptop se managed installer via Intune. this method may be preferred as it can be done during autopilot. Test before deploying.
Repackaging Guidance
A Separate Guide is available for guidance on repackaging applications using the intunewin32 repackager. please click the button below for access to that guide and continue below once complete. 
Managed installer win32 repackaging download
Please click the button below for access to the managed installer PowerShell script to repackage
Step 1
download script to your intune repackaging folder make sure the powershell script is in its own folder
Step 2
launch intune repackager and point the source directory to the location the managed installer powershell script is stored in. 
Step 3
specify the powershell script as the setup file make sure to include .ps1 at the end of the script name
Step 4
specify a separate output folder to store the created intunewin file
Step 5
wait for intunewin file creation and upload into intune as a win32 application
Managed Installer Win32 repackaging video
please view the video below on the process to repackage the managed installer powershell script
Intune Deployment
Now that the application has been repackaged it will need to be imported and deployed via Intune. Please use the application deployment guidance below to successfully deploy the application. test and edit as needed.
Application information
Name 
Surface Laptop SE Managed Installer
Description 
the following win32 application will add the intune management extension as a managed installer. this will allow educational it administrators to deploy applications via intune that aren't pre-approved on the educational application list Microsoft provides within se. 
Publisher 
Microsoft
Category 
Computer management
Information URL
Developer
Microsoft
Owner
Your Organizations name
Logo
No logo available for download
Program
Install Command
Powershell -executionpolicy Bypass -command "& {. .\ApplyManagedInstaller.ps1}"
Uninstall Command 
cmd /c
(None at this time)
Install Behavior
System
Device May Restart Parameter
App install may force a device restart
Install Codes 
Keep Defaults
Requirements
Operating Systems Architecture 
64-Bit
Minimum Operating Systems Architecture
Windows SE SV2 (Windows 11 22H2)
Disk Space Required
1
Detection
Rules Format
Manually Configure Detection Rules
Rule Type 
File
Path
c:\windows\system32\applocker
File or folder
ManagedInstaller.Applocker
Detection method
file or folder exists
Associated with 32bit app on 64bit client
no
Dependencies Required
None
Managed installer WIN32 Application intune deployment screenshots
please view the screenshots below with the process to deploy managed installer
Managed installer WIN32 Application intune deployment video
Please view the video below on the steps to deploy the repackaged managed installer application with intune
Managed installer win32 application 
Deployment Monitoring
Now that the application has been successfully uploaded and deployed, we can monitor the installation status on the main overview page.
Surface Laptop se Managed installer powershell method
please view the following part of this guide on how to use a PowerShell script imported into Intune to activate managed installer. This is preferable in a run once scenario. 
Managed installer download
please use the download button below to download the apply managed installer powershell script
Step 1
Login to the microsoft endpoint manager administration console
STEP 2
Click into the devices node
Step 3
Click Scripts in the middle node
Step 4
Click Add
Step 5
Click windows 10 and Later
step 6
Name Script: Surface Laptop SE Managed Installer
STEP 7
Select downloaded powershell script for import
Step 8
Set group assignment: Surface Laptop SE or Testing Group
Deployment Complete
We hope you found this guide helpful

You may also like

Back to Top